Thread Starter
dcorp
(@dcorp)
Yes,
“use (name-of-database)” (select WordPress database)
“show tables;” (you’re looking for a table name with “users” at the end)
It still wants you to select name of database, such as in PHPmyadmin version.
The issue is, the hackers could change them all at once, so there must be a code to do this lightning fast. otherwise it takes too long.
🙁
Put your commands in a shell script and run them.
Eg. – http://stackoverflow.com/questions/8055694/how-to-execute-a-mysql-command-from-a-shell-script
You might want to seriously rethink about your server setup.
Thread Starter
dcorp
(@dcorp)
Thank you, for now I handled it manually, changing pw of 300 sites didnt take long time as I was afraid.
The hacker used mass.php, I found it in one of my wordpress site’s public_html, no idea how they created it there but most likely from wordpress leaks..
[Redacted link to ‘hack’]
this version uses two methods for getting sites & users & config file
Do you have any idea about this mass defacer and how to prevent it?
I still have 120~ non updated wordpress install/ I think even if 1 site has the problematic wordpress version, they leak into all my other sites too?
I looked at the file.
This will only work on the website whose owner runs the file directly. It does not even make use of any exploits.
The fact that it has also affected other websites is simply because your server is terribly insecure.
Please secure your server, you have a great responsibility as a server admin to the web and especially to your clients.
